Port Translation without "no dest nat" option

thuchapon Member
Hello,

I need to create a virtual port that translates port and dest. But ACOS forces me to check "no dest nat" first before allowing me to check "port translation".

So A10 can't translate port and dest in the same virtual port/service? Am I correct?

Comments

  • diederik Member
    edited March 2016
    No, you are not correct; A10 can translate port and destination in the same virtual port/service.
    And that is the default behaviour.

    Let's look at the following config:
    slb server server1 10.0.0.101
       port 80 tcp
    slb server server2 10.0.0.102
       port 8080 tcp
    
    slb service-group webservers tcp
       member server1:80
       member server2:8080
    
    slb virtual-server webservice 192.168.0.200
       port 80 tcp
          service-group webservers
    


    The default operation of this setup is destination nat;
    the client connects to destination IP 192.168.0.200, and when we forward it on to the "real server" it gets nat-ed to the IP of that server, 10.0.0.101 or 10.0.0.102.
    And when server 10.0.0.102 gets selected, we have stated that the service runs on port 8080 on that server, so the port gets translated as well.

    "no dest nat" would disable the NAT features to just forward the connection to the MAC of the selected server; you would need that for Direct Server Return, when you want the server to communicate back to the client directly. In that case you do have the option to enable port translation again.
  • thuchapon Member
    edited March 2016
    Many thanks. By the way, how do we disable "port translation" but enable dest translation? Can we?
  • diederik Member
    edited March 2016
    It depends on the setup you are trying to achieve.

    If you have traffic coming into a specific port as in my example, (virtual-server port 80) and you want to map that to the same port on the real-server, simply use the same port. (as I did with server1)

    If you do not want to do anything on the port level, you can do L3 load balancing; port information will then be preserved. You can use that in combination with wildcard VIPs.
  • thuchapon Member
    edited March 2016
    "If you have traffic coming into a specific port as in my example, (virtual-server port 80) and you want to map that to the same port on the real-server, simply use the same port. (as I did with server1)"

    I think we can't do it like that when each real-server opens on a different port (sv1 8080, sv2 8800, vs 80)

    "If you do not want to do anything on the port level, you can do L3 load balancing, port information will then be preserved. You can use that in combination with wildcard VIPs."

    When we do L3 LB, we can't use L5-L7 templates, right?
  • diederik Member
    edited March 2016
    What is the use case?

    If you have the service running on different ports on the real-server side:
    sv1 8080
    sv2 8800
    then you need to change the port, else it will never get accepted by the real server.

    If you have many different ports on the VIP/virtual-server, then why not create a service-group per port? You can also use port ranges.

    If you really need wildcard ports and revert to L3 load balancing, you can indeed not use L4-7 templates.
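
Added example, not part of the thread and not A10 code: a simplified Python model of the destination rewrite that diederik's first comment describes, covering the default mode, "no dest nat", and "no dest nat" with port translation. The IPs and ports come from the posted config; the MAC addresses and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Member:
    name: str
    mac: str   # constructed MAC address, not from the thread
    ip: str
    port: int

@dataclass(frozen=True)
class Packet:
    dst_mac: str
    dst_ip: str
    dst_port: int

# Addresses and ports from the posted config; MACs are constructed.
CLIENT_PKT = Packet("02:00:00:00:00:01", "192.168.0.200", 80)
SERVER1 = Member("server1", "02:00:00:00:01:01", "10.0.0.101", 80)
SERVER2 = Member("server2", "02:00:00:00:01:02", "10.0.0.102", 8080)

def forward(pkt, member, no_dest_nat=False, port_translation=False):
    """Return the packet as the selected real server receives it."""
    if (pkt.dst_ip, pkt.dst_port) != (CLIENT_PKT.dst_ip, CLIENT_PKT.dst_port):
        raise ValueError("packet is not addressed to the virtual port")
    if port_translation and not no_dest_nat:
        # Mirrors the GUI behaviour from the question: the option is only
        # offered once "no dest nat" is set, since the default mode
        # already rewrites the port.
        raise ValueError("port translation is only an option with no dest nat")
    if not no_dest_nat:
        # Default: destination NAT to the member's IP and configured port.
        return replace(pkt, dst_mac=member.mac, dst_ip=member.ip,
                       dst_port=member.port)
    # no dest nat: only the MAC changes, so the server sees the VIP address;
    # the port is rewritten only if port translation was re-enabled.
    port = member.port if port_translation else pkt.dst_port
    return replace(pkt, dst_mac=member.mac, dst_port=port)

def server_view(member, **mode):
    """(dst_ip, dst_port) the real server must accept in the given mode."""
    out = forward(CLIENT_PKT, member, **mode)
    return out.dst_ip, out.dst_port

if __name__ == "__main__":
    for mode in ({}, {"no_dest_nat": True},
                 {"no_dest_nat": True, "port_translation": True}):
        print(mode or "default", server_view(SERVER1, **mode),
              server_view(SERVER2, **mode))
```

The output of `server_view` is what the real server's listener and host firewall have to match: the server's own IP in the default mode, the VIP address in both "no dest nat" modes.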